From: Jan Safranek <jsafrane@redhat.com>
Date: Tue, 1 Mar 2011 12:11:35 +0000 (+0100)
Subject: Check length of netlink addresses.
X-Git-Tag: v0.37.1~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4dddc4f71fcf1b60012705c6278458599ac6ddff;p=thirdparty%2Flibcgroup.git

Check length of netlink addresses.

Folow up on CVE-2011-1022, add check for length of address of incoming
netlink packet, just to be sure.

Pointed out by Steve Grubb.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>
---

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 5a965fd6..2f42a57b 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -516,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
 	if (recv_len < 1)
 		return 0;
 
+	if (from_nla_len != sizeof(from_nla)) {
+		flog(LOG_ERR, "Bad address size reading netlink socket");
+		return 0;
+	}
 	if (from_nla.nl_groups != CN_IDX_PROC
 	    || from_nla.nl_pid != 0)
 		return 0;